authelia/server/test/routes/password-reset/post.test.ts
Clement Michaud 6b78240d39 Fix endpoints redirection on errors
From this commit on, api endpoints reply with a 401 error code and non api
endpoints redirect to /error/40X.

This commit also fixes missing restrictions on /loggedin (the "already logged
in page). This was not a security issue, though.

The change also makes error pages automatically redirect the user after few
seconds based on the referrer or the default_redirection_url if provided in the
configuration.

Warning: The old /verify endpoint of the REST API has moved to /api/verify.
You will need to update your nginx configuration to take this change into
account.
2017-11-01 14:46:23 +01:00

124 lines
4.3 KiB
TypeScript

import PasswordResetFormPost = require("../../../src/lib/routes/password-reset/form/post");
import { PasswordUpdater } from "../../../src/lib/ldap/PasswordUpdater";
import { AuthenticationSessionHandler } from "../../../src/lib/AuthenticationSessionHandler";
import { AuthenticationSession } from "../../../types/AuthenticationSession";
import { UserDataStore } from "../../../src/lib/storage/UserDataStore";
import Sinon = require("sinon");
import Assert = require("assert");
import BluebirdPromise = require("bluebird");
import ExpressMock = require("../../mocks/express");
import { ServerVariablesMock, ServerVariablesMockBuilder } from "../../mocks/ServerVariablesMockBuilder";
import { ServerVariables } from "../../../src/lib/ServerVariables";
describe("test reset password route", function () {
let req: ExpressMock.RequestMock;
let res: ExpressMock.ResponseMock;
let vars: ServerVariables;
let mocks: ServerVariablesMock;
let authSession: AuthenticationSession;
beforeEach(function () {
req = {
originalUrl: "/api/password-reset",
body: {
userid: "user"
},
session: {},
headers: {
host: "localhost"
}
};
const s = ServerVariablesMockBuilder.build();
mocks = s.mocks;
vars = s.variables;
const options = {
inMemoryOnly: true
};
mocks.userDataStore.saveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));
mocks.userDataStore.retrieveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));
mocks.userDataStore.produceIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));
mocks.userDataStore.consumeIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));
mocks.config.ldap = {
url: "ldap://ldapjs",
mail_attribute: "mail",
user: "user",
password: "password",
users_dn: "ou=users,dc=example,dc=com",
groups_dn: "ou=groups,dc=example,dc=com",
users_filter: "user",
group_name_attribute: "cn",
groups_filter: "groups"
};
res = ExpressMock.ResponseMock();
authSession = AuthenticationSessionHandler.get(req as any, vars.logger);
authSession.userid = "user";
authSession.email = "user@example.com";
authSession.first_factor = true;
authSession.second_factor = false;
});
describe("test reset password post", () => {
it("should update the password and reset auth_session for reauthentication", function () {
req.body = {};
req.body.password = "new-password";
mocks.ldapPasswordUpdater.updatePasswordStub.returns(BluebirdPromise.resolve());
authSession.identity_check = {
userid: "user",
challenge: "reset-password"
};
return PasswordResetFormPost.default(vars)(req as any, res as any)
.then(function () {
return AuthenticationSessionHandler.get(req as any, vars.logger);
}).then(function (_authSession) {
Assert.equal(res.status.getCall(0).args[0], 204);
Assert.equal(_authSession.first_factor, false);
Assert.equal(_authSession.second_factor, false);
return BluebirdPromise.resolve();
});
});
it("should fail if identity_challenge does not exist", function () {
authSession.identity_check = {
userid: "user",
challenge: undefined
};
return PasswordResetFormPost.default(vars)(req as any, res as any)
.then(function () {
Assert.equal(res.status.getCall(0).args[0], 200);
Assert.deepEqual(res.send.getCall(0).args[0], {
error: "An error occurred during password reset. Your password has not been changed."
});
});
});
it("should fail when ldap fails", function () {
req.body = {};
req.body.password = "new-password";
mocks.ldapPasswordUpdater.updatePasswordStub
.returns(BluebirdPromise.reject("Internal error with LDAP"));
authSession.identity_check = {
challenge: "reset-password",
userid: "user"
};
return PasswordResetFormPost.default(vars)(req as any, res as any)
.then(function () {
Assert.equal(res.status.getCall(0).args[0], 200);
Assert.deepEqual(res.send.getCall(0).args[0], {
error: "An error occurred during password reset. Your password has not been changed."
});
return BluebirdPromise.resolve();
});
});
});
});